Slackware64-current ChangeLog (2018-10-10)

Wed Oct 10 23:09:36 UTC 2018

Packages

Upgraded

d/git-2.19.1-x86_64-1.txz
Submodules' “URL“s come from the untrusted .gitmodules file, but we
blindly gave it to “git clone” to clone submodules when “git clone
–recurse-submodules” was used to clone a project that has such a
submodule. The code has been hardened to reject such malformed URLs
(e.g. one that begins with a dash). Credit for finding and fixing this
vulnerability goes to joernchen and Jeff King, respectively.
For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
(* Security fix *)